CVE-2021-38176
Severity Score
8.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Due to improper input sanitization, an authenticated user with certain specific privileges can remotely call NZDT function modules listed in Solution Section to execute manipulated query or inject ABAP code to gain access to Backend Database. On successful exploitation the threat actor could completely compromise confidentiality, integrity, and availability of the system.
Debido a una incorrecta sanitización de la entrada, un usuario autenticado con ciertos privilegios específicos puede llamar remotamente a los módulos de función NZDT listados en la Sección de Soluciones para ejecutar consultas manipuladas o inyectar código ABAP para obtener acceso a la Base de Datos Backend. Si la explotación tiene éxito, el actor de la amenaza podría comprometer completamente la confidencialidad, la integridad y la disponibilidad del sistema
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2021-08-07 CVE Reserved
- 2021-09-14 CVE Published
- 2023-04-07 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=585106405 | 2022-07-12 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Sap Search vendor "Sap" | Landscape Transformation Search vendor "Sap" for product "Landscape Transformation" | 2.0 Search vendor "Sap" for product "Landscape Transformation" and version "2.0" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Landscape Transformation Replication Server Search vendor "Sap" for product "Landscape Transformation Replication Server" | 1.0 Search vendor "Sap" for product "Landscape Transformation Replication Server" and version "1.0" | s\/4hana |
Affected
| ||||||
| Sap Search vendor "Sap" | Landscape Transformation Replication Server Search vendor "Sap" for product "Landscape Transformation Replication Server" | 2.0 Search vendor "Sap" for product "Landscape Transformation Replication Server" and version "2.0" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Landscape Transformation Replication Server Search vendor "Sap" for product "Landscape Transformation Replication Server" | 3.0 Search vendor "Sap" for product "Landscape Transformation Replication Server" and version "3.0" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | S\/4hana Search vendor "Sap" for product "S\/4hana" | 1511 Search vendor "Sap" for product "S\/4hana" and version "1511" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | S\/4hana Search vendor "Sap" for product "S\/4hana" | 1610 Search vendor "Sap" for product "S\/4hana" and version "1610" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | S\/4hana Search vendor "Sap" for product "S\/4hana" | 1709 Search vendor "Sap" for product "S\/4hana" and version "1709" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | S\/4hana Search vendor "Sap" for product "S\/4hana" | 1809 Search vendor "Sap" for product "S\/4hana" and version "1809" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | S\/4hana Search vendor "Sap" for product "S\/4hana" | 1909 Search vendor "Sap" for product "S\/4hana" and version "1909" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | S\/4hana Search vendor "Sap" for product "S\/4hana" | 2020 Search vendor "Sap" for product "S\/4hana" and version "2020" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | S\/4hana Search vendor "Sap" for product "S\/4hana" | 2021 Search vendor "Sap" for product "S\/4hana" and version "2021" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Test Data Migration Server Search vendor "Sap" for product "Test Data Migration Server" | 4.0 Search vendor "Sap" for product "Test Data Migration Server" and version "4.0" | - |
Affected
| ||||||